Date: Fri, 30 Mar 2001 23:10:01 -0600
From: Mike Meyer <mwm@mired.org>
To: Peter Brezny <peter@black.purplecat.net>
Cc: questions@freebsd.org
Subject: Re: ipfw with fqdn instead of ip possible?
Message-ID: <15045.26281.849318.648434@guru.mired.org>
In-Reply-To: <78513393@toto.iv>
Peter Brezny <peter@black.purplecat.net> types:
> To allow cable modem users access to a system, I'm trying to set up ipfw
> rules like this
>
> ipfw add allow tcp from host.domain.com port to $oip port in via $oif
> keep-state
>
> The problem I am having appears to be that named is starting after the
> firewall rules are loaded. (sh /etc/rc.firewall-hostnames works after the
> system has successfully booted with a firewall in place that has no
> hostnames present).
>
> Is there a way to get the system to start named first?
>
> I've placed the firewall startup info in /etc/rc.conf last, but the
> firewall rules are being run first.

How about moving /etc/rc.firewall-hostnames to
/usr/local/etc/rc.d/firewall-hostnames.sh, and making it executable?
You'll want to leave the parts of the firewall that aren't
hostname-dependent in the standard firewall startup so your system
will start properly, then enable the hostname-based holes after
everything is up and running.

BTW, you'll probably want to make that script able to reload all the
rules on the running system, as you'll still need to do that every
time a cable modem user loses their lease and then updates the DNS.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
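A sketch of the reloadable script suggested in the reply above, added here as an example (it is not code from the original message or from FreeBSD): it resolves each name when it runs, refuses anything that is not an IPv4 literal, and rewrites only a reserved range of rule numbers so it can be re-run after a lease change. The host names, rule numbers 20000+, destination port 22, `fxp0`, the 192.0.2.10 address and the use of `getent` for lookups are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed values: host names,
# rule numbers 20000+, destination port 22, interface fxp0, address 192.0.2.10.
HOSTS="${HOSTS:-cable1.example.net cable2.example.net}"  # hypothetical clients
OIP="${OIP:-192.0.2.10}"   # outside address (documentation range)
OIF="${OIF:-fxp0}"         # outside interface
BASE=20000                 # rule numbers reserved for hostname-based holes

# Resolve one name to its first address; prints nothing when lookup fails.
resolve_host() {
    getent hosts "$1" | awk '{ print $1; exit }'
}

# Accept only a dotted-quad literal, so an unexpected DNS answer is never
# passed on to ipfw.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the commands for one reload: each host owns a fixed rule number, the
# old rule is deleted, and a new one is added only if the name resolves now.
build_rules() {
    n=$BASE
    for h in $HOSTS; do
        echo "ipfw -q delete $n 2>/dev/null"
        ip=$(resolve_host "$h") || ip=""
        if is_ipv4 "$ip"; then
            echo "ipfw -q add $n allow tcp from $ip to $OIP 22 in via $OIF keep-state"
        else
            echo "# $h did not resolve to an IPv4 address; rule $n stays closed"
        fi
        n=$((n + 1))
    done
}

# rc.d passes "start" at boot; "reload" is for re-running after a DNS update.
case "${1:-}" in
    start|reload) build_rules | sh ;;
    print)        build_rules ;;
esac
```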